Open hmanalai opened 6 years ago
Original report by Benjamin Quesada (Bitbucket: benrquesada, GitHub: benrquesada).
User permissions were not updated for /AddUser/ and /ViewUser/ in the website so if regular users (aka students) knew the URL they could access the web-page and make changes to the Users.
No danger as long as the students don't know the URL.
Original report by Benjamin Quesada (Bitbucket: benrquesada, GitHub: benrquesada).
User permissions were not updated for /AddUser/ and /ViewUser/ in the website so if regular users (aka students) knew the URL they could access the web-page and make changes to the Users.
No danger as long as the students don't know the URL.